"Reused Password" Doesn't Go Away

sylvaticus
Community Member

On a site that had the "reused password" warning, I changed the password with the random password generator set to max for all settings. Shouldn't the warning have gone away? There is no way that it randomly generated a duplicate password, right? I even exited completely and restarted 1Password. I'm using the current version on Mojave.

Thanks for any help!


1Password Version: 1Password 7 Version 7.2.1 (70201002)
Extension Version: 7.2.1
OS Version: Mojave 10.14 (18A391)
Sync Type: Dropbox

Comments

  • Lars
    1Password Alumni

    @sylvaticus - what's likely here is that you are saving the Password item (because you generated it, it will be saved -- that's how 1Password works generally), and ALSO saving the new (or revised) Login item. Thus, no matter how strong the password you just generated, there are two copies of it -- a Password item and the Login item. You can verify this by visiting the Reused Passwords section of Watchtower and checking to see whether you have two items for that particular password. If you do - if the same password is saved separately and within the Login item you actually use, then it's fine to delete the separate generated password item. Hope that helps!

  • sylvaticus
    Community Member

    Thank you, Lars. I went to the Reused Passwords section and there is no Password item, just the Login item. I also searched on the password, and it only found the Login item. However, the Login item does exist in both vaults, personal and primary. (I have two because I switched from standalone app to the subscription and the process created the second vault.) Surely that's not the reason?

  • Lars
    1Password Alumni

    @sylvaticus - that is indeed the reason. If you changed from a standalone setup to a 1password.com account, there's no need to keep the previous Primary (standalone) vault around. If you decide you do want to keep it for some reason, I'd strongly recommend emptying out all the duplicate passwords that would've been migrated over into the 1password.com account vault when you made the switch, because they'll only cause you confusion and they don't sync with one another which will mean that over time, you'll start to have copies of what look like duplicate items, but with different information in each one - some will have newer, changed info, others will have the older information. It can get to be a real mess. If you don't have a specific reason for keeping the Primary vault around, and you DO know your Master Password for your 1password.com account, I'd strongly recommend removing the Primary vault.

  • sylvaticus
    Community Member

    Thank you once again, Lars!

    Well…that was a complete nightmare! I went through all the reused passwords to copy everything that was in Primary only to Personal. I really wish 1Password had a way to sync the two! I thought I was being more careful about manually syncing them, but clearly I was less careful than I thought!

    Anyway, I now have one vault only—Personal. :-)

    I still have a few duplicates, but I'm not worried about them; they're for my default throw-away accounts where I could care less about being hacked (I think). If anyone wants to hack my BJ's Restaurant account, rock on! There's no data in there that matters.

    Thanks again!

  • Lars
    1Password Alumni

    @sylvaticus - I'm sorry for the trouble. On the plus side, it's a one-time thing: now that you've ripped that band-aid off, you won't have to do this again. Forward, into a more-organized future! :)

  • sylvaticus
    Community Member

    LOL exactly right! :-)

  • Lars
    1Password Alumni

    :) :+1:

  • SallyShears
    Community Member

    Same problem. "Reused password" for every item. Just upgraded from license to 1pw account. I have 600 entries all showing "Reused Password". In the browser extension, it shows two items for every login; apparently one will be updated, one will not. How to reconcile without going through one by one. Otherwise, this is a disaster.

  • Lars
    1Password Alumni

    @SallyShears - did you perhaps elect to keep your older Primary vault while also copying all of its data into the new Personal (or Private) vault of your 1password.com account? If so, may I ask why? We really don't recommend this; it duplicates all your items and runs a significant risk as time goes on that you will update/change/add some of those items in Primary and others in Personal, resulting in increasingly dissimilar data sets and confusion. If this is what you did, and you don't mind removing Primary, please visit Preferences > Advanced and UN-check the box marked "Allow creation of vaults outside 1password accounts." This will not only remove all of the "duplicate" items in one go, it will also remove the Re-used Passwords warning on all of them, leaving you with only truly re-used passwords flagged. Hope this helps!

  • SallyShears
    Community Member

    Thanks, Lars. I want to understand: With an account, "Private" is the primary vault... Just kidding. "Private" is the main vault, the one to use ALL the time. "Primary" is left over from ver 6 and can/should be deleted. Right?

    Thanks for the specific instructions.

  • Lars
    1Password Alumni

    @SallyShears

    "Private" is the main vault, the one to use ALL the time. "Primary" is left over from ver 6 and can/should be deleted. Right?

    Right. I mean, usual caveats: make VERY sure you've copied all the data out of Primary and into Private before you go about deleting things. But if you're certain, then yes -- this is the way forward.

  • taliszt
    Community Member

    Hi Lars. I definitely need your help. I have been struggling with my new membership of 1Password 7 for quite some time. I'm frustrated. So I finally got set up. I was confused with the various terms used for primary password, private password, secret key and website login password. I've been going back and forth with someone via email but it has not been useful at all.

    I see your explanation above to @SallyShears and I'm trying the steps with no luck. I CAN currently enter my "Private" password and it works. This is ALSO the password to log in to your website. And I have a "Secret Key." So as you indicated above, I went to Preferences > Advanced and see that I have 736 entries under Reused. For each duplicate, there are a "Primary" and "Personal" entry. Then I "uncheck" the Local Vaults box, and it immediately asks for my Master Password, indicating it will delete 373 "Primary vault" entries. And this works fine. (I click the button "Delete Items and Vault.") The next step says, "Enter your 'Tim Liszt' account password. This password will become your new Master Password, and you will use it to unlock 1Password from now on." At this point, no matter what I put in the box, the message says it is PASSWORD INCORRECT. Why not!? The button to click reads "Update Master Password," so aren't I just creating a NEW Master Password? I've tried entering something NEW multiple times, but am stuck at this point.

    I just don't get it. IF I CAN GET THIS SETUP AGAIN, then maybe I'll go back to LOVING 1Password like I have for years. I've told MANY folks about it and got them using it too. And now quite honestly everyone feels about the same as me. Annoyed and completely frustrated. Two developer friends moved on to LastPass or another solution. They all say now (bad word of mouth) that 1Password "switched to a membership model" and simply stopped working. I'd rather NOT throw in the towel and get this resolved. Emailing staff, though completely pleasant, has been an utter waste of time. They've not been able to help at all.

    I look forward to hearing back... Thanks in advance!

  • taliszt
    Community Member
    edited November 2018

    O.K. NOW it's gotten even worse. (Is that possible?!) I think the screw-up has happened from when signing up for the NEW membership account at 1password.com. Safari recommended a STRONG password, and I made the mistake of accepting it. BUT I didn't/couldn't see/copy/write down that password because it didn't display in the field. RIGHT NOW I cannot login to my account at 1password. I attempted to reset the password, but it wouldn't allow me to do it because the username tliszt was already in use (by me!). Then I thought to hell with it and created a new account as taliszt. It's basically all HOSED and I need to get this resolved. I can send you (privately) my master password and my secret key. OR you can confirm that I am indeed signed up and have paid. My email address is: tim@lisztdesign.com. But right now I'm dead in the water (and have been for about two weeks). Again, I'm not going to send more back-and-forth emails with people who provide no assistance and no information at all. I've been corresponding with Megan. She is nice but seems to be only a customer service person in sales. No technical knowledge. I may at this point have a DUPLICATE user account with you folks, but only one is paid for. I am: [personal information removed by 1Password staff -- this is a public forum] And I did pay. Just can't get anything to work for me.

  • SallyShears
    Community Member

    Lars, for feedback to your product team (or maybe you are on that team)... Points of confusion:
    - Membership asks me to set a "Master Password". But there is also a "Master Password" to open the vault. Great confusion.
    - Upon launching membership, just about the first thing is "Do you want to delete the Private vault?" Of course, we will answer "No" until later when hopefully we are really sure. As a result, we see double everything and the prominent "reuse" warning.

    @Taliszt -- Hang in there. I'm sure the team can help you.

  • SallyShears
    Community Member

    Ooops... That first request is "Do you want to delete the PRIMARY vault?" Of course, we will all answer NO! Who in their right mind would delete their primary vault right then?

  • AGAlumB
    1Password Alumni
    • Membership asks me to set a "Master Password". But there is also a "Master Password" to open the vault. Great confusion.

    @SallyShears: Indeed, that's why the 1Password.com sign up process recommends using your existing Master Password if you've already been using 1Password with a local vault. The only reason not to is if you've been using something weak or otherwise insecure (a reused password, for example).

    • Upon launching membership, just about the first thing is "Do you want to delete the [Primary] vault?" Of course, we will answer "No" until later when hopefully we are really sure. As a result, we see double everything and the prominent "reuse" warning.

    But you were aware that you did that. Certainly I think it's important that the user has that choice. I'm not sure what you're suggesting.

  • AGAlumB
    1Password Alumni

    @taliszt: The 1Password app unlocks using the Master Password of the first vault/account you have set up there. So if you've chosen to use a different one when setting up your new account, you will need to enter that in order to sign into the account successfully. I'm sorry that you've been having trouble, but this isn't a technical problem. Since only you ever know your Master Password it isn't something we can help you with directly, other than to try to point you in the right direction. Ultimately it's up to you to remember the password you chose, but there is no harm at all in trying many times. You will not get "locked out" punitively; you just won't be successful unless you enter it correctly.

  • SallyShears
    Community Member

    OK, I'll try again:

    feedback to your product team (or maybe you are on that team)... Points of confusion:

    • Membership asks me to set a "Master Password". But there is also a "Master Password" to open the vault. Great confusion.
    • Upon launching membership, just about the first thing is "Do you want to delete the Primary vault?" Of course, we will answer "No"; no one in their right mind would answer yes. However, the answer you are looking for is "Yes" and as a result, we see double everything and the prominent "reuse" warning. My feedback is that your process for transition from old 1Password to "Membership" gets the user into an unfortunate and confusing position. Either explain more, make something automatic, or something.

    Please consider the issues that I had and that @taliszt has. Thanks for passing this on to your product development team.

  • taliszt
    Community Member

    This is where I'm confused. And sure, I'm happy to assume all responsibility. But here's where I am now (and the mistake I made). I used the Secret Key for the website login password.

    And I made a mistake of letting Safari choose my password for the Master Password, not to be confused with the Secret Key. So it isn’t quite as clear as assumed...

  • Lars
    1Password Alumni

    @taliszt - you...used your Secret Key as a password? That's not a good idea, for two reasons. One, it's supposed to be a secret. But perhaps more importantly, it's also designed to be long and UN-memorable (meaning: random and hard for humans to remember). If you're using 1Password, we also recommend you turn off your browser’s password manager.

    @SallyShears - For the record, the Primary vault is the vault you created when you first began using 1Password as a standalone app, whether that was a few months ago or several years. It is the default vault created by all 1Password apps on first run in standalone mode. If you later switch/upgrade to a 1password.com account, the process of doing so involves migrating your existing data (in your Primary vault) into your 1password.com vault(s). After that, you can - and should - delete your Primary vault, because it's no longer needed. You switched to a 1password.com account presumably for the benefits it offers, so don't keep a redundant copy of your data hanging around in your Primary (standalone) vault.

    1Password will, as brenty mentioned, always use the vault password of the first vault you create, as the Master Password. In every standalone setup, that's your Primary vault. So, when you go to remove it, you have to provide the Master Password you created for your 1password.com account. If you allowed Safari to choose it, it may be saved in your system keychain. But if you can't find it or think it's not saved, then please write to support+forum@agilebits.com and ask to have your account deleted. With your email please include:

    • A link to this thread: https://discussions.agilebits.com/discussion/comment/472646#Comment_472646
    • Your forum username: @taliszt

    That way I can "connect the dots" when I see your email in our inbox. You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here in this thread so I can track down the diagnostics and ensure that this issue is dealt with quickly. :)

    We can delete your account and get a new one set up for you, and try again. :)

  • taliszt
    Community Member

    I do understand what you’ve said. My first mistake was letting Safari suggest the ‘strong’ password when signing up with an account on your website (when I signed up for membership.)

    I did NOT understand the difference with the terms about a primary or personal vault or that the master password

    I know I am not the only one who got confused because several folks I know and work with who are web developers left 1password out of frustration and similar confusion.

    I would just like to start over if that’s possible. At this point, I believe I have two user accounts: tliszt and taliszt, both with my email address tim@lisztdesign.com

    I can see in my Vault that there is a duplicate of everything. For the duplicates, (which are flagged in red) one is labeled as Personal and the other is labeled Primary. I tried to remove the duplication with steps listed in this forum using a setting (checkbox) under 1password’s Preferences. But it kept asking to change the master password.

    I do have my emergency kit, which includes my Secret Key.

    I’d like to start fresh. This time AVOIDING the step where I allowed Safari to randomly generate the strong password to access your website. Can we do that? Can I just start out fresh?

  • AGAlumB
    1Password Alumni
    edited November 2018

    Membership asks me to set a "Master Password". But there is also a "Master Password" to open the vault. Great confusion.

    @SallyShears: Right. But you chose both of those, so I think it's reasonable to expect you to know them. Certainly it's more for you to remember though, which is why the step where you choose a Master Password for your 1Password.com account suggests using the same one you've already been using in 1Password. I'm sorry for not being clearer.

    Upon launching membership, just about the first thing is "Do you want to delete the Primary vault?" Of course, we will answer "No"; no one in their right mind would answer yes. However, the answer you are looking for is "Yes" and as a result, we see double everything and the prominent "reuse" warning. My feedback is that your process for transition from old 1Password to "Membership" gets the user into an unfortunate and confusing position. Either explain more, make something automatic, or something.

    I don't think it's ideal to automatically delete a user's original vault, but certainly it's something we can consider. You yourself seem to have chosen not to do that, probably quite consciously. Certainly that would help reduce confusion in this specific regard (though it could cause other confusion: e.g. then you'd suddenly need to use a different Master Password to unlock, if you chose a different one for the account), but it's not without its downsides. So we offer the choice currently. I think that's reasonable. Food for thought.

  • AGAlumB
    1Password Alumni

    @taliszt: Thanks for clarifying. Since I see you're copying and pasting the same thing into email messages as well, and ultimately account changes need to be handled there and not here in a public forum, I'll close this discussion and we'll continue the conversation via email to avoid further confusion and duplication of effort for all involved. Thanks.

    ref: NHD-49527-985

This discussion has been closed.